<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第169期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第169期）</strong></h5>
<blockquote> 2017/05/22-2017/05/28</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>国家标准《信息安全技术 网络安全威胁信息表达模型》征求意见稿<br><a target="_blank" href="https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20170524124403&amp;norm_id=20150910115414&amp;recode_id=23298">https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20170524124403&amp;norm_id=20150910115414&amp;recode_id=23298</a></div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>国家标准《信息安全技术 大数据安全管理指南》征求意见稿<br><a target="_blank" href="http://www.qianjia.com/html/2017-05/25_270344.html">http://www.qianjia.com/html/2017-05/25_270344.html</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span> &#039;OpenVPN client is secure!&#039; This week: &#039;Unpatched bug in OpenVPN server&#039;<br><a target="_blank" href="https://www.theregister.co.uk/2017/05/24/last_week_openvpn_client_is_secure_brthis_week_unpatched_bug_in_openvpn_server/">https://www.theregister.co.uk/2017/05/24/last_week_openvpn_client_is_secure_brthis_week_unpatched_bug_in_openvpn_server/</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>GoSSIP 2017年软件与移动智能系统安全暑期学校<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/27059772?from=secwiki">https://zhuanlan.zhihu.com/p/27059772?from=secwiki</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>黑客小说 杀手 （第十六章 网络灾难）<br><a target="_blank" href="http://www.jianshu.com/p/9c6731303af0">http://www.jianshu.com/p/9c6731303af0</a></div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>美国众议院通过《政府技术现代化法案》 <br><a target="_blank" href="https://www.easyaq.com/news/532414743.shtml">https://www.easyaq.com/news/532414743.shtml</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>​ 炙手可热的25家Chatbot初创企业，你知道几家？<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404111421393764209">http://weibo.com/ttarticle/p/show?id=2309404111421393764209</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>网络信息安全母基金启动 填补信息安全领域空白<br><a target="_blank" href="http://item.btime.com/32vc81f90138ovq7ftvh4rsd8nf">http://item.btime.com/32vc81f90138ovq7ftvh4rsd8nf</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>国产指纹库平台 – 天蝎指纹库<br><a target="_blank" href="http://www.freebuf.com/sectool/135216.html">http://www.freebuf.com/sectool/135216.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>AWVS11 批量扫描<br><a target="_blank" href="http://im1gd.me/2017/05/25/AWVS/">http://im1gd.me/2017/05/25/AWVS/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>(CVE-2017-7494)漏洞复现的坑<br><a target="_blank" href="http://thief.one/2017/05/25/2/">http://thief.one/2017/05/25/2/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>渗透测试方法论之文件上传！<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-23193-1-1.html">https://bbs.ichunqiu.com/thread-23193-1-1.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Msf复现Samba远程代码执行漏洞 – 即刻安全<br><a target="_blank" href="http://www.secist.com/archives/3666.html">http://www.secist.com/archives/3666.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>分布式机器学习系统AnyEmbedding介绍 <br><a target="_blank" href="http://www.flickering.cn/uncategorized/2017/05/%e5%88%86%e5%b8%83%e5%bc%8f%e6%9c%ba%e5%99%a8%e5%ad%a6%e4%b9%a0%e7%b3%bb%e7%bb%9fanyembedding%e4%bb%8b%e7%bb%8d/">http://www.flickering.cn/uncategorized/2017/05/%e5%88%86%e5%b8%83%e5%bc%8f%e6%9c%ba%e5%99%a8%e5%ad%a6%e4%b9%a0%e7%b3%bb%e7%bb%9fanyembedding%e4%bb%8b%e7%bb%8d/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>第14届全国大学生信息安全与对抗技术竞赛（ISCC 2017） Writeup<br><a target="_blank" href="http://bobao.360.cn/ctf/detail/199.html">http://bobao.360.cn/ctf/detail/199.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Cameradar hacks its way into RTSP CCTV cameras<br><a target="_blank" href="https://github.com/EtixLabs/cameradar">https://github.com/EtixLabs/cameradar</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Samba远程代码执行漏洞(CVE-2017-7494)分析<br><a target="_blank" href="http://blogs.360.cn/blog/samba%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9ecve-2017-7494%e5%88%86%e6%9e%90/">http://blogs.360.cn/blog/samba%e8%bf%9c%e7%a8%8b%e4%bb%a3%e7%a0%81%e6%89%a7%e8%a1%8c%e6%bc%8f%e6%b4%9ecve-2017-7494%e5%88%86%e6%9e%90/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>2.5代指纹追踪技术—跨浏览器指纹识别<br><a target="_blank" href="http://chengable.com/index.php/archives/317/">http://chengable.com/index.php/archives/317/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>如何正确的使用Ubuntu以及安装常用的渗透工具集<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-23253-1-1.html?from=43">https://bbs.ichunqiu.com/thread-23253-1-1.html?from=43</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>简单的Poc Exp编写<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-23266-1-1.html?from=43">https://bbs.ichunqiu.com/thread-23266-1-1.html?from=43</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>kali渗透windowsXP过程<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-23056-1-1.html?from=36">https://bbs.ichunqiu.com/thread-23056-1-1.html?from=36</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Exploiting Network Printers【PDF】<br><a target="_blank" href="https://www.ieee-security.org/TC/SP2017/papers/64.pdf">https://www.ieee-security.org/TC/SP2017/papers/64.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>解决扫描目标时IP被拉黑的小技巧<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-23029-1-1.html?from=36">https://bbs.ichunqiu.com/thread-23029-1-1.html?from=36</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>那些你不知道的爬虫反爬虫套路<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5MDI3MjA5MQ==&amp;mid=2697266133&amp;idx=1&amp;sn=51426072d8ad4c4496795127e9c9f1ae">https://mp.weixin.qq.com/s?__biz=MjM5MDI3MjA5MQ==&amp;mid=2697266133&amp;idx=1&amp;sn=51426072d8ad4c4496795127e9c9f1ae</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>ContexIoT: 为应用化的IoT平台提供场景完整性<br><a target="_blank" href="https://www.inforsec.org/wp/?p=1988">https://www.inforsec.org/wp/?p=1988</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>MicroSploit: The Office Exploitation Toolkit!<br><a target="_blank" href="https://github.com/Screetsec/Microsploit">https://github.com/Screetsec/Microsploit</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>The Equation Group’s post-exploitation tools (DanderSpritz and more) Part 1<br><a target="_blank" href="https://research.kudelskisecurity.com/2017/05/18/the-equation-groups-post-exploitation-tools-danderspritz-and-more-part-1/">https://research.kudelskisecurity.com/2017/05/18/the-equation-groups-post-exploitation-tools-danderspritz-and-more-part-1/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>开源扫描仪的工具箱：安全行业从业人员自研开源扫描器合集<br><a target="_blank" href="http://www.freebuf.com/sectool/135151.html">http://www.freebuf.com/sectool/135151.html</a></div><div class="single"><span id="tags">[杂志]&nbsp;&nbsp;</span>《安天365安全研究》第二期<br><a target="_blank" href="https://pan.baidu.com/s/1nuSzN2x">https://pan.baidu.com/s/1nuSzN2x</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>免杀技术有一套（免杀方法大集结）(Anti-AntiVirus) <br><a target="_blank" href="https://anhkgg.github.io/aanti-virus/">https://anhkgg.github.io/aanti-virus/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Tyranid&#039;s Lair: Reading Your Way Around UAC (Part 2)<br><a target="_blank" href="https://tyranidslair.blogspot.jp/2017/05/reading-your-way-around-uac-part-2.html">https://tyranidslair.blogspot.jp/2017/05/reading-your-way-around-uac-part-2.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>PRET: Printer Exploitation Toolkit  网络打印机攻击利器<br><a target="_blank" href="https://github.com/RUB-NDS/PRET#">https://github.com/RUB-NDS/PRET#</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>关于反调试&amp;反反调试那些事 <br><a target="_blank" href="http://www.alonemonkey.com/2017/05/25/antiantidebug/">http://www.alonemonkey.com/2017/05/25/antiantidebug/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>phantomjs爬虫服务化<br><a target="_blank" href="http://jiayi.space/post/phantomjspa-chong-fu-wu-hua">http://jiayi.space/post/phantomjspa-chong-fu-wu-hua</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浅谈中间件漏洞与防护<br><a target="_blank" href="http://thief.one/2017/05/25/1/">http://thief.one/2017/05/25/1/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>CIA网络安全武器“雅典娜”：超越炸弹的Windows恶意软件<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404110006243986109">http://weibo.com/ttarticle/p/show?id=2309404110006243986109</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>EXP学习--CVE-2016-5342<br><a target="_blank" href="https://ne2der.github.io/2017/EXP-cve-2016-5342/">https://ne2der.github.io/2017/EXP-cve-2016-5342/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>PinDemonium通用动态脱壳工具<br><a target="_blank" href="http://www.freebuf.com/sectool/135217.html">http://www.freebuf.com/sectool/135217.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>如何提升你的能力？给年轻程序员的几条建议<br><a target="_blank" href="http://tech.glowing.com/cn/advices-to-junior-developers/">http://tech.glowing.com/cn/advices-to-junior-developers/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>抵现券一券多用问题原理与总结<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/323/">http://www.polaris-lab.com/index.php/archives/323/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>[CVE-2017-2500]Address bar spoofing on macOS Safari<br><a target="_blank" href="https://lightrains.org/cve-2017-2500/">https://lightrains.org/cve-2017-2500/</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>XGBoost/GBDT相关blog推荐<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/27111288">https://zhuanlan.zhihu.com/p/27111288</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>SecWiki周刊（第168期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/168">https://www.sec-wiki.com/weekly/168</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Splunk和CIS关键安全控制措施 <br><a target="_blank" href="https://www.sec-un.org/splunk%e5%92%8ccis%e5%85%b3%e9%94%ae%e5%ae%89%e5%85%a8%e6%8e%a7%e5%88%b6%e6%8e%aa%e6%96%bd/">https://www.sec-un.org/splunk%e5%92%8ccis%e5%85%b3%e9%94%ae%e5%ae%89%e5%85%a8%e6%8e%a7%e5%88%b6%e6%8e%aa%e6%96%bd/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>dagda: static analysis of known vulnerabilities in docker images/containers<br><a target="_blank" href="https://github.com/eliasgranderubio/dagda">https://github.com/eliasgranderubio/dagda</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>学点算法做安全之垃圾邮件识别（上）<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483898&amp;idx=1&amp;sn=4716bef56491335157f89167ef6f5745&amp;chksm=976e778ba019fe9d8a87d686c4359ad70f7f3ec1a84e89b5e16304a9dd2d4692a7d3a5edd741&amp;scene=0&amp;key=bf4ec18a3a2a56d603e1f50ee62db34f444bb1eab0b82f22">https://mp.weixin.qq.com/s?__biz=MzIwOTc0MDU3NA==&amp;mid=2247483898&amp;idx=1&amp;sn=4716bef56491335157f89167ef6f5745&amp;chksm=976e778ba019fe9d8a87d686c4359ad70f7f3ec1a84e89b5e16304a9dd2d4692a7d3a5edd741&amp;scene=0&amp;key=bf4ec18a3a2a56d603e1f50ee62db34f444bb1eab0b82f22</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>快速构建站点地图工具 – PwnBack<br><a target="_blank" href="http://www.freebuf.com/sectool/135074.html">http://www.freebuf.com/sectool/135074.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>如何用扫描仪控制的恶意程序，从隔离的网络中获取数据（含攻击演示视频）<br><a target="_blank" href="http://www.freebuf.com/news/133979.html">http://www.freebuf.com/news/133979.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>EternalRocks（永恒之石）蠕虫样本深入分析 <br><a target="_blank" href="http://blog.topsec.com.cn/ad_lab/eternalrocks%ef%bc%88%e6%b0%b8%e6%81%92%e4%b9%8b%e7%9f%b3%ef%bc%89%e8%a0%95%e8%99%ab%e6%a0%b7%e6%9c%ac%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90/">http://blog.topsec.com.cn/ad_lab/eternalrocks%ef%bc%88%e6%b0%b8%e6%81%92%e4%b9%8b%e7%9f%b3%ef%bc%89%e8%a0%95%e8%99%ab%e6%a0%b7%e6%9c%ac%e6%b7%b1%e5%85%a5%e5%88%86%e6%9e%90/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>安天关于系统化应对NSA网络军火装备的操作手册<br><a target="_blank" href="http://www.antiy.com/response/Antiy_Wannacry_NSA.html">http://www.antiy.com/response/Antiy_Wannacry_NSA.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>深入浅出讨论<br><a target="_blank" href="https://mp.weixin.qq.com/s?src=3&amp;timestamp=1495792543&amp;ver=1&amp;signature=relTlXmYTj9CrTUdAEfsWCmjo1VYHjz9GtiY9Ud9bnCd7V505vq*XNPMRU0AWxaW5ySoiGXu2ca8QzRpT0KaflU0cJg0l5OX8pqH6LOEc1ApMl06Wj3RHXY2ASy70hRotV3A5BiMOcifvFLQJTddOguYTC*Vjvg-kiUg9Ey3m*A=">https://mp.weixin.qq.com/s?src=3&amp;timestamp=1495792543&amp;ver=1&amp;signature=relTlXmYTj9CrTUdAEfsWCmjo1VYHjz9GtiY9Ud9bnCd7V505vq*XNPMRU0AWxaW5ySoiGXu2ca8QzRpT0KaflU0cJg0l5OX8pqH6LOEc1ApMl06Wj3RHXY2ASy70hRotV3A5BiMOcifvFLQJTddOguYTC*Vjvg-kiUg9Ey3m*A=</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>scrapy+splash 爬取动态网站(JS) <br><a target="_blank" href="http://kekefund.com/2017/05/25/scrapy-splash/">http://kekefund.com/2017/05/25/scrapy-splash/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Tyranid&#039;s Lair: Reading Your Way Around UAC (Part 1)<br><a target="_blank" href="https://tyranidslair.blogspot.jp/2017/05/reading-your-way-around-uac-part-1.html">https://tyranidslair.blogspot.jp/2017/05/reading-your-way-around-uac-part-1.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>信息收集之SVN源代码社工获取及渗透实战<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1629.html">https://xianzhi.aliyun.com/forum/read/1629.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Cloak and Dagger: From Two Permissions to Complete Control of the UI Feedback Loop<br><a target="_blank" href="http://cloak-and-dagger.org/">http://cloak-and-dagger.org/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Linux查杀木马经验总结<br><a target="_blank" href="http://qicheng0211.blog.51cto.com/3958621/1928738?utm_source=tuicool&amp;utm_medium=referral">http://qicheng0211.blog.51cto.com/3958621/1928738?utm_source=tuicool&amp;utm_medium=referral</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Samba 3.5.0 - Remote Code Execution   Python 版本测试代码<br><a target="_blank" href="https://www.exploit-db.com/exploits/42060/">https://www.exploit-db.com/exploits/42060/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>betterdefaultpasslist 设备或者常见端口默认用户名和密码列表<br><a target="_blank" href="https://github.com/govolution/betterdefaultpasslist">https://github.com/govolution/betterdefaultpasslist</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>知乎湾区机器学习分享会 - 现场实录<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/27082391">https://zhuanlan.zhihu.com/p/27082391</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>RCTF 2017 web writeup<br><a target="_blank" href="http://www.math1as.com/index.php/archives/479/">http://www.math1as.com/index.php/archives/479/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Tyranid&#039;s Lair: Reading Your Way Around UAC (Part 3)<br><a target="_blank" href="http://tyranidslair.blogspot.jp/2017/05/reading-your-way-around-uac-part-3.html">http://tyranidslair.blogspot.jp/2017/05/reading-your-way-around-uac-part-3.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Pwn2own漏洞分享系列：利用macOS内核漏洞逃逸Safari沙盒<br><a target="_blank" href="http://blogs.360.cn/blog/pwn2own-using-macos-kernel-vuln-escape-from-safari-sandbox/">http://blogs.360.cn/blog/pwn2own-using-macos-kernel-vuln-escape-from-safari-sandbox/</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>最新SMB僵尸网络利用了7个NSA工具，而WannaCry只用了两个……<br><a target="_blank" href="http://www.freebuf.com/news/135467.html">http://www.freebuf.com/news/135467.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>2017 Google Summer of Code: 1311个项目列表<br><a target="_blank" href="https://summerofcode.withgoogle.com/projects/#!">https://summerofcode.withgoogle.com/projects/#!</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>内网穿透——Android木马进入高级攻击阶段（二）<br><a target="_blank" href="http://blogs.360.cn/360mobile/2017/05/25/analysis_of_milkydoor/">http://blogs.360.cn/360mobile/2017/05/25/analysis_of_milkydoor/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Rails 中 ActiveRecord 的不当使用产生 SQLI 风险<br><a target="_blank" href="https://zhuanlan.zhihu.com/p/27131797?group_id=851542516149927936">https://zhuanlan.zhihu.com/p/27131797?group_id=851542516149927936</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>勒索软件这门生意<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI3OTcwNDIwOA==&amp;mid=2247483744&amp;idx=1&amp;sn=8327a4825a254ecc7be8e0fdee4989cb&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI3OTcwNDIwOA==&amp;mid=2247483744&amp;idx=1&amp;sn=8327a4825a254ecc7be8e0fdee4989cb&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BookFresh Tricky File Upload Bypass to RCE<br><a target="_blank" href="https://www.secgeek.net/bookfresh-vulnerability/">https://www.secgeek.net/bookfresh-vulnerability/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>WannaCry：勒索软件攻击事件与Lazarus团伙有紧密关联<br><a target="_blank" href="https://www.symantec.com/connect/zh-hans/blogs/wannacry-lazarus-0">https://www.symantec.com/connect/zh-hans/blogs/wannacry-lazarus-0</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>FineCMS v2.1.5前台一处XSS+CSRF可getshell<br><a target="_blank" href="http://ecma.io/715.html">http://ecma.io/715.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>A Simple Tool for Linux Kernel Audits <br><a target="_blank" href="http://www.droidsec.org/blogs/2017/05/22/a-simple-tool-for-linux-kernel-audits.html">http://www.droidsec.org/blogs/2017/05/22/a-simple-tool-for-linux-kernel-audits.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Java Unmarshaller Security - Turning your data into code execution<br><a target="_blank" href="https://github.com/mbechler/marshalsec">https://github.com/mbechler/marshalsec</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Auto Hooks Spider<br><a target="_blank" href="http://www.thinkings.org/2017/05/24/auto-hooks-spider.html">http://www.thinkings.org/2017/05/24/auto-hooks-spider.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>browser: 获取当前浏览器信息<br><a target="_blank" href="https://github.com/mumuy/browser">https://github.com/mumuy/browser</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>网卡厂商自动识别工具（附源代码）<br><a target="_blank" href="http://www.freebuf.com/sectool/135498.html">http://www.freebuf.com/sectool/135498.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>IntelAMT 固件密码绕过登录漏洞分析与实战<br><a target="_blank" href="http://simeon.blog.51cto.com/18680/1928915">http://simeon.blog.51cto.com/18680/1928915</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Password Guessing Framework  密码猜解方案<br><a target="_blank" href="https://www.password-guessing.org/static/index.php">https://www.password-guessing.org/static/index.php</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Hacking SQL Server Database Links: Lab Setup and Attack Guide<br><a target="_blank" href="https://blog.netspi.com/wp-content/uploads/2017/05/Technical-Article-Hacking-SQL-Server-Database-Links-Setup-and-Attack-Guide.pdf">https://blog.netspi.com/wp-content/uploads/2017/05/Technical-Article-Hacking-SQL-Server-Database-Links-Setup-and-Attack-Guide.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Hacked in Translation – from Subtitles to Complete Takeover<br><a target="_blank" href="http://blog.checkpoint.com/2017/05/23/hacked-in-translation/">http://blog.checkpoint.com/2017/05/23/hacked-in-translation/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Xion Audio Player &#039;.m3u8&#039;缓冲区溢出漏洞分析<br><a target="_blank" href="http://whereisk0shl.top/post/2017-05-24">http://whereisk0shl.top/post/2017-05-24</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>File2pcap - The Talos Swiss Army Knife of Snort Rule Creation<br><a target="_blank" href="http://blog.talosintelligence.com/2017/05/file2pcap.html#more">http://blog.talosintelligence.com/2017/05/file2pcap.html#more</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>2017年第一季度安卓系统安全性生态环境研究<br><a target="_blank" href="http://www.freebuf.com/articles/terminal/135351.html">http://www.freebuf.com/articles/terminal/135351.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>WPSeku - Simple Wordpress Security Scanner<br><a target="_blank" href="https://github.com/m4ll0k/WPSeku">https://github.com/m4ll0k/WPSeku</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Publish tweets by any other user<br><a target="_blank" href="http://kedrisec.com/twitter-publish-by-any-user/">http://kedrisec.com/twitter-publish-by-any-user/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>psychoPATH - hunting file uploads &amp; LFI in the dark<br><a target="_blank" href="https://github.com/ewilded/psychoPATH">https://github.com/ewilded/psychoPATH</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Dridex: A History of Evolution<br><a target="_blank" href="https://securelist.com/analysis/publications/78531/dridex-a-history-of-evolution/">https://securelist.com/analysis/publications/78531/dridex-a-history-of-evolution/</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>The World Of Low Cost Software Defined Radio [PDF]<br><a target="_blank" href="http://www.rtl-sdr.com/wp-content/uploads/2017/05/The-world-of-low-cost-software-defined-radio_2.pdf">http://www.rtl-sdr.com/wp-content/uploads/2017/05/The-world-of-low-cost-software-defined-radio_2.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>luckystrike: A PowerShell for create malicious Office macro documents.<br><a target="_blank" href="https://github.com/Shellntel/luckystrike">https://github.com/Shellntel/luckystrike</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/169">SecWiki周刊(第169期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
